package main
import (
"errors"
"io/ioutil"
"github.com/BurntSushi/toml"
"github.com/amsterdam/authz/oauth2"
)
// Defaults used by loadConfig when the TOML file leaves a setting unset.
const (
	defaultBindHost            = "" // empty host; presumably "all interfaces" — confirm where the listener is created
	defaultBindPort            = 8080
	defaultAuthnTimeout        = 600 // unit not visible in this file; presumably seconds — confirm at the use site
	defaultAuthzUpdateInterval = 60  // applied by loadConfig only when Authz.UpdateInterval is still zero after decoding
)
// config is the on-disk configuration format for the server; every field is
// populated from the TOML file named on the command line (see loadConfig),
// with package defaults for the few settings listed in the const block.
type config struct {
	BindHost     string `toml:"bind-host"`
	BindPort     int    `toml:"bind-port"`
	BaseURL      string `toml:"base-url"`
	PprofEnabled bool   `toml:"pprof-enabled"` // exposes runtime profiling; keep disabled outside debugging
	AuthnTimeout int    `toml:"authn-timeout"` // defaults to defaultAuthnTimeout
	TraceHeader  string `toml:"trace-header-name"`
	LogJSON      bool   `toml:"log-json-output"`
	// Per-subsystem sections; several of them carry credentials (see the
	// individual types), so the whole file should be treated as sensitive.
	Roles       rolesConfig       `toml:"roles"`
	DatapuntIDP datapuntIDPConfig `toml:"idp-datapunt"`
	GoogleIDP   googleIDPConfig   `toml:"idp-google"`
	GripIDP     gripIDPConfig     `toml:"idp-grip"`
	Clients     clientMap         `toml:"clients"` // keyed by client id; served through clientMap.Get
	Authz       authzConfig       `toml:"authorization"`
	Redis       redisConfig       `toml:"redis"`
	Accesstoken accessTokenConfig `toml:"accesstoken"`
}
// accessTokenConfig holds the settings for the access tokens the server
// issues. JWKS is a JWK set and KID selects a key in it; if that set carries
// private key material, the config file holds a signing secret.
type accessTokenConfig struct {
	JWKS     string `toml:"jwk-set"`
	KID      string `toml:"jwk-id"`
	Lifetime int64  `toml:"lifetime"` // unit not visible in this file — confirm at the use site
	Issuer   string `toml:"issuer"`
}
// redisConfig holds the Redis connection settings. Password is a credential
// read verbatim from the config file; do not echo it in logs or error messages.
type redisConfig struct {
	Address  string `toml:"address"`
	Password string `toml:"password"`
}
// authzConfig holds the Datapunt authorization settings. A zero
// UpdateInterval is replaced by defaultAuthzUpdateInterval in loadConfig.
type authzConfig struct {
	BaseURL        string `toml:"base-url"`
	UpdateInterval int    `toml:"update-interval"` // unit not visible in this file — confirm at the use site
}
// rolesConfig holds the Datapunt user-roles settings. APIKey is a credential
// read verbatim from the config file.
type rolesConfig struct {
	AccountsURL string `toml:"accounts-url"`
	APIKey      string `toml:"api-key"`
}
// datapuntIDPConfig holds the Datapunt IdP settings. Secret is a credential
// read verbatim from the config file.
type datapuntIDPConfig struct {
	BaseURL string `toml:"base-url"`
	Secret  string `toml:"secret"`
}
// googleIDPConfig holds the Google IdP OAuth client settings. ClientSecret is
// a credential read verbatim from the config file.
type googleIDPConfig struct {
	ClientID     string `toml:"client-id"`
	ClientSecret string `toml:"client-secret"`
}
// gripIDPConfig holds the Grip IdP OAuth client settings. ClientSecret is a
// credential read verbatim from the config file.
type gripIDPConfig struct {
	TenantID     string `toml:"tenant-id"`
	ClientID     string `toml:"client-id"`
	ClientSecret string `toml:"client-secret"`
}
// clientConfig describes one registered OAuth2 client; it is handed to the
// oauth2 package through clientMap.Get. Redirects is the client's list of
// allowed redirect targets and Secret its credential, both read verbatim
// from the config file.
type clientConfig struct {
	Redirects []string `toml:"redirects"`
	Secret    string   `toml:"secret"`
	GrantType string   `toml:"granttype"`
}
// clientMap maps a client id to its configuration; decoded from the
// [clients] table of the config file and served through Get.
type clientMap map[string]clientConfig
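// Get implements oauth2.ClientMap: it looks up the client registered under
// id and returns it as an *oauth2.Client.
//
// The Redirects slice is copied before it is handed out, so a caller that
// modifies the returned client cannot change the redirect list kept in the
// configuration map. The map itself is never written to. When id is not a
// configured client the returned client is nil and the error is non-nil.
func (m clientMap) Get(id string) (*oauth2.Client, error) {
	c, ok := m[id]
	if !ok {
		return nil, errors.New("Unknown client id")
	}
	// Detach from the map's backing array; keep nil as nil so callers that
	// distinguish "no redirects configured" from "empty list" see no change.
	var redirects []string
	if c.Redirects != nil {
		redirects = append(make([]string, 0, len(c.Redirects)), c.Redirects...)
	}
	return &oauth2.Client{
		ID:        id,
		Redirects: redirects,
		Secret:    c.Secret,
		GrantType: c.GrantType,
	}, nil
}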
// loadConfig builds the server configuration. It starts from the package
// defaults for BindHost, BindPort and AuthnTimeout, overlays the TOML file
// at configPath when one is given (values present in the file replace the
// defaults), and finally substitutes defaultAuthzUpdateInterval when
// Authz.UpdateInterval is still zero.
//
// An empty configPath yields the defaults only. Any error from reading or
// decoding the file is returned as-is with a nil config.
func loadConfig(configPath string) (*config, error) {
	cfg := &config{
		BindHost:     defaultBindHost,
		BindPort:     defaultBindPort,
		AuthnTimeout: defaultAuthnTimeout,
	}

	// No file: nothing was decoded, so the interval is certainly zero.
	if configPath == "" {
		cfg.Authz.UpdateInterval = defaultAuthzUpdateInterval
		return cfg, nil
	}

	if err := tomlToConfig(configPath, cfg); err != nil {
		return nil, err
	}
	if cfg.Authz.UpdateInterval == 0 {
		cfg.Authz.UpdateInterval = defaultAuthzUpdateInterval
	}
	return cfg, nil
}
// tomlToConfig reads the TOML file at tomlPath and decodes it into config,
// overwriting the fields the file mentions and leaving the others untouched.
//
// The toml.MetaData result is discarded, so keys that match no struct field
// (for example a misspelled setting) are ignored rather than reported; the
// affected field then silently keeps its default. Read and decode errors
// are returned unwrapped.
func tomlToConfig(tomlPath string, config *config) error {
	contents, readErr := ioutil.ReadFile(tomlPath)
	if readErr != nil {
		return readErr
	}
	_, decodeErr := toml.Decode(string(contents), config)
	return decodeErr
}